‼ CVE-2020-26270 ‼
via "National Vulnerability Database".
In affected versions of TensorFlow, running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
‼ CVE-2019-4738 ‼
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.1 discloses sensitive information to an authenticated user from the dashboard UI which could be used in further attacks against the system. IBM X-Force ID: 172753.
‼ CVE-2020-26201 ‼
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH.
‼ CVE-2020-25967 ‼
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.
‼ CVE-2020-35090 ‼
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
‼ CVE-2020-35127 ‼
Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS.
‼ CVE-2020-27786 ‼
A flaw was found in the Linux kernel's implementation of MIDI (kernel 5.7-rc6), where an attacker with a local account and the permissions to issue ioctl commands to MIDI devices could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.
‼ CVE-2020-35126 ‼
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy."
‼ CVE-2020-27828 ‼
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
‼ CVE-2020-24447 ‼
Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
‼ CVE-2020-7536 ‼
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 CPUs (BMXP34* versions prior to V3.30) and Modicon M340 Communication Ethernet modules (BMXNOE0100 (H) versions prior to V3.4, BMXNOE0110 (H) versions prior to V6.6, BMXNOR0200H all versions), that could cause the device to be unreachable when modifying network parameters over SNMP.
‼ CVE-2020-7542 ‼
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
‼ CVE-2020-13530 ‼
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability.
‼ CVE-2020-7543 ‼
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
‼ CVE-2020-7541 ‼
A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of sensitive data when sending a specially crafted request to the controller over HTTP.
‼ CVE-2020-26416 ‼
Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions >=8.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.
‼ CVE-2020-25838 ‼
Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.
‼ CVE-2020-7537 ‼
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Legacy Controllers Modicon Quantum & Modicon Premium (see security notifications for affected versions), that could cause denial of service when a specially crafted Read Physical Memory request over Modbus is sent to the controller.
‼ CVE-2020-28220 ‼
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified.
‼ CVE-2020-7535 ‼
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerability Type) vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause disclosure of information when sending a specially crafted request to the controller over HTTP.
‼ CVE-2020-26409 ‼
A DOS vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.